The EU-US Passenger Name Record (PNR) agreement has been among the most controversial instruments in the fight against terrorism that the EU negotiated with the US after the 9/11 terrorist attacks. The agreement has been heavily criticised for its implications regarding fundamental rights, in particular the rights to privacy and data protection. Nevertheless, the EU has put forward plans to develop its own PNR programme. The present article aims to examine the new dynamics concerning privacy that arise from the transatlantic fight against terrorism. It argues that, while attempts for the development of a transatlantic privacy protection framework have been made, 'spillovers' of security, taking the form of internalisation of external counter-terrorism measures, are prevalent in the era of the war against terror.
UTRECHT JOURNAL OF INTERNATIONAL AND EUROPEAN LAWKeywords: privacy; data protection; counter-terrorism; PNR The present article aims to examine the new dynamics concerning privacy that arise from the transatlantic fight against terrorism. It argues that, while attempts have been made for the development of a transatlantic privacy protection framework, 'spillovers' of security taking the form of internalisation of external counterterrorism measures are prevalent in the era of the war against terror. In this respect, using the PNR case as an example, the article submits that a fundamental paradox in the EU's fight against terrorism is emerging: external security measures severely criticised by the EU institutions for violating EU privacy and data protection standards are followed by proposals for the internalisation of the same or similar internal security measures which call into question the common vision of the EU as the cradle of privacy protections.This article is structured as follows. First, it presents a brief overview of the EU-US PNR saga. It then addresses the contention articulated by James Whitman that Europe and the US are 'two western cultures of privacy' by taking a look at the EU and the US privacy regimes. Subsequently, it discusses the need for the development of a transatlantic privacy and data protection framework and critically examines the relevant existing proposals. Finally, it investigates the EU's own PNR proposal and argues that 'spillovers' of security are taking the front seat to potential 'spillovers' of privacy in the transatlantic fight against terrorism.
The right to be forgotten as established in the CJEU's decision in Google Spain is the first online data privacy right recognized in the EU legal order. This contribution explores two currently underdeveloped in the literature aspects of the right to be forgotten: its unexpected consequences on search engines and the difficulties of its implementation in practice by the latter. It argues that the horizontal application of EU privacy rights on private parties, such as internet search engines—as undertaken by the CJEU—is fraught with conceptual gaps, dilemmas, and uncertainties that create confusions about the enforceability of the right to be forgotten and the role of search engines. In this respect, it puts forward a comprehensive legal framework for the implementation of this right, which aims to ensure a legally certain and proportionate balance of the competing interests online in the light of the EU's General Data Protection Regulation (GDPR).
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.